Submit #834232: ZTE ZXHN H298A / ZXHN H108N H298A 1.1 / H108N 2.6 Sensitive Data Exposureinfo

TitleZTE ZXHN H298A / ZXHN H108N H298A 1.1 / H108N 2.6 Sensitive Data Exposure
DescriptionZTE ZXHN H298A 1.1 and ZXHN H108N 2.6 expose privileged configuration data to unauthenticated callers through GET /getpage.lua?pid=1000&ETHCheat=1. The returned HTML contains the administrator password, WLAN PSK, and ESSID in hidden input fields, and a related wizard endpoint exposes serial information. This is a direct authentication-boundary failure because the live management secrets are disclosed in the response body before login.
Source⚠️ https://minanagehsalalma.github.io/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure/
User
 MonxResearch (UID 98419)
Submission05/20/2026 18:15 (21 days ago)
Moderation06/05/2026 18:59 (16 days later)
StatusAccepted
VulDB entry361715 [ZTE ZXHN H298A 1.1 Router Web Interface information disclosure]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!